Taking Steps towards Secure Manufacturing

In 2016, an independent study recognized the manufacturing industry as the second most attacked industry. While the healthcare sector is still the most frequently attacked, attacks on manufacturing come as no surprise since it's an expansive industry that includes the automotive, textile, electronic and other subgroups that manufacture a multitude of different products.

Motivations behind manufacturing attacks

Based on previous incidents involving attacks on manufacturing facilities, we've learned that attackers are fueled by different motivations, ranging from business rivalry and financial reasons, to simply wanting to cause widespread damage (sometimes for amusement).

Last year an independent report detailed that 94% of the data breaches suffered by manufacturers could be classified as “espionage”, meaning that these attacks were purposefully targeting proprietary information about products or processes. Corporate rivalry and competition is a deeply motivating cause as well.

Money is also a major factor, motivating extortionists who will hold systems hostage for cash and opportunists that attack systems to manipulate stock values.

Manufacturers suffer attacks from nation-states that may want to cause widespread damage to infrastructure or delay manufacturing for key products (possibly military in nature). These attacks could also be done to negatively affect a country’s economy.

Big hacking incidents that grab headlines are useful for hackers that want to promote their own name. These individuals may want to show off their skills and promote themselves with a big, visible statement. They could also be hacking manufacturing facilities to amuse themselves by messing with unsuspecting and easy targets—not unusual for many hackers.

There are many possible motivations behind attacks on manufacturing industries. Unfortunately, there are also many security issues that make it easy for an attacker to do so.

Security issues in manufacturing facilities

Cybersecurity presents unique challenges to the manufacturing industry, considering the size and scale of the machinery and systems typically found in manufacturing facilities. The systems used in manufacturing—specifically the Industrial Control Systems (ICS) which manage and monitor different aspects of production—have unique vulnerabilities that make them susceptible to cyberattacks. Firstly, manufacturers are connecting previously isolated systems, which increases the attack surface. Upgrades are also installed piecemeal since the systems are very complex, so new software and security features are integrated with older systems slowly. And unlike the healthcare and financial sectors, the manufacturing industry is still adapting to cybersecurity and only have a few regulated compliance standards, such as the ISA/IEC 62443 Standards set by the International Society of Automation (ISA).

Other issues affecting the security of the manufacturing industry:

There is inherent insecurity in Industrial Control Systems (ICS). Many industrial systems actually lack security features such as authentication or encryption, which means that attackers do not need sophisticated tools to gain deeper access to the internal network. If a network is breached, attackers have an easy path to different parts of a system, including the controllers that monitor and manage production processes. A successful attack on ICS may lead to operational shutdowns, damaged equipment, financial loss, intellectual property theft, and substantial health and safety risks.

Many manufacturing companies use legacy software in their ICS, and then update them and connect them to the internet. But because these systems were never meant to be online, they are particularly vulnerable to exploits and hard to patch. At the same time, connectivity exposes them to severe cyber threats. Given the increasing number of global attacks like the ransomware Petya, and the impact it has had on numerous businesses, updating older systems with secure software should be a priority.

Many manufacturing systems also suffer from low visibility. Most ICS are already designed with little or no visibility—massive factories use separate systems with isolated environments. And as systems are slowly upgraded, facility managers can’t see how changes might impact the many different systems connected throughout a factory or a plant. Visibility is important because it makes production or operation more efficient.

Efficiency and output is paramount to any manufacturing operation, so the main goal is to keep the machinery running smoothly. Any change in the environment—like the addition of enhanced security solutions—may affect the process. Many prefer to implement small changes that keep the operations up and reliably running over adding major solutions that may affect operations.

Of course, because of the increasing attacks on the manufacturing industry, addressing these problems is a necessity. Gaining visibility on all assets and establishing monitoring protocols for each part of the system is a good first step. Update and patching policies have to be implemented as well—a challenge for those in manufacturing since it is a complicated undertaking that possibly requires an ICS overhaul and rigorous testing. Cyberattack response and breach prevention strategies should also be established and strengthened.

Of course, for such complicated systems, installing multilayered security for the network and connected devices is the best course of action.

Network Security

Trend Micro provides a variety of solutions which could be installed on ICS and SCADA devices to monitor the traffic to and from these systems. These solutions are good options for devices running non-standard operating systems or those that cannot support an agent.

TippingPoint IPS is an appliance that can detect and block network traffic associated with vulnerabilities being exploited by threat actors targeting ICS and SCADA devices.

Deep Discovery and TippingPoint Advanced Threat Protection are appliances that can detect malicious traffic including command-and-control communications that may be found within these networks and associated with a breach. Unusual SCADA traffic can also be identified.

Device Security

Trend Micro provides a variety of solutions which could be installed on ICS and SCADA devices.

Deep Security includes virtual patching for known vulnerabilities associated with operating systems and applications that may be running on these devices. Application Control only allows known and approved OS/applications to run on these devices. Malware can be detected and removed using multiple scanning technologies. Integrity Monitoring can quickly identify any unauthorized changes to critical files.

OfficeScan includes a variety of technologies to detect and defend against malware as well as web reputation to detect malicious URLs and command-and-control communications. USB device control is also included.

Trend Micro™ Portable Security 2™ is a malware scanning and cleanup tool designed as a USB flash drive for environments where an internet connection is not available or anti-malware software cannot be installed.

Trend Micro Safe Lock can be used for smart whitelisting protection that can keep the system still locked under maintenance, and just allow approved software to be updated.

2019 SECURITY PREDICTIONS

Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape.View the 2019 Security Predictions

2018 MIDYEAR SECURITY ROUNDUP

A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth. View the 2018 Midyear Security Roundup